[CERT-daily] Tageszusammenfassung - Montag 10-10-2016

Mon Oct 10 18:49:41 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 07-10-2016 18:00 − Montag 10-10-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Europe to Push New Security Rules Amid IoT Mess ***
---------------------------------------------
The European Commission is drafting new cybersecurity requirements to beef up security around so-called Internet of Things (IoT) devices such as Web-connected security cameras, routers and digital video recorders (DVRs). News of the expected proposal comes as security firms are warning that a great many IoT devices are equipped with little or no security protections.
---------------------------------------------
https://krebsonsecurity.com/2016/10/europe-to-push-new-security-rules-amid-iot-mess/


*** Mehr Sicherheit für das Internet der Dinge ***
---------------------------------------------
Die vernetzten Geräte des Internet of Things (IoT) sammeln und verarbeiten immer mehr Daten, versagen jedoch häufig beim Schutz dieser Daten. Ein ausführlicher Leitfaden will bei der Entwicklung sicherer Geräte helfen.
---------------------------------------------
https://heise.de/-3343482


*** Security Economics of the Internet of Things ***
---------------------------------------------
Brian Krebs is a popular reporter on the cybersecurity beat. He regularly exposes cybercriminals and their tactics, and consequently is regularly a target of their ire. Last month, he wrote about an online attack-for-hire service that resulted in the arrest of the two proprietors. In the aftermath, his site was taken down by a massive DDoS attack.In many ways, this is nothing new. Distributed denial-of-service attacks are a family of attacks that cause websites and other Internet-connected...
---------------------------------------------
https://www.schneier.com/blog/archives/2016/10/security_econom_1.html


*** Mirai: DDoS per IoT ***
---------------------------------------------
In den letzten Wochen wurde mal wieder ein neuer Rekord für den bisher stärksten gemessenen Distributed Denial of Service (DDoS) Angriff aufgestellt. Das ist soweit nicht überraschend, die verfügbare Bandbreite im Internet wächst immer noch stark, da ist klar, dass damit auch die Angriffsstärke zunehmen kann. Überraschend war aber, dass der Rekord nicht über einen "reflected DDoS" erreicht wurde. Diese Methode...
---------------------------------------------
http://www.cert.at/services/blog/20161010095630-1789.html


*** Strange Loop - IP Spoofing ***
---------------------------------------------
I recently gave a talk at the Strange Loop conference in St Louis. The recording and slides are available, but for easier consumption heres a transcript.
---------------------------------------------
https://idea.popcount.org/2016-09-20-strange-loop---ip-spoofing/


*** VMware stopft Informationsleck in Horizon View ***
---------------------------------------------
Wichtige Sicherheits-Updates sollen VMware Horizon View unter Windows sicherer machen.
---------------------------------------------
https://heise.de/-3343678


*** Radare2: rahash2, (Mon, Oct 10th) ***
---------------------------------------------
Radare2 is an open-source reverse-engineering framework. Some time ago I wrote about recovering ransomed pictures. By calculating the entropy of the ransomed files with my byte-stats tool, I could see that the file was not completely encrypted. rahash2 is one of the tools in the Radare2 framework. As it names implies, it calculates (cryptographic) hashes, but it is quite versatile. For example, it will also calculate entropy:  And like my byte-stats.py tool, it can also split the file in blocks...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21577&rss


*** Remove ransomware infections from your PC using these free tools ***
---------------------------------------------
A how-to on finding out what ransomware is squatting in your PC -- and how to get rid of it.
---------------------------------------------
http://www.zdnet.com/article/remove-ransomware-infections-from-your-pc-using-these-free-tools/


*** Open-Source-Router: 1000 Turris Omnia ausgeliefert ***
---------------------------------------------
Nachdem es ursprünglich im Sommer losgehen sollte, lieferte der Hersteller cz.nic doch erst Ende September die ersten Turris-Omnia-Router aus. Vor ein paar Tagen wurde bereits das tausendste Exemplar verschickt.
---------------------------------------------
https://heise.de/-3344417


*** VU#338624: U by BB and T iOS banking application fails to properly validate SSL certificates ***
---------------------------------------------
Vulnerability Note VU#338624 U by BB&T iOS banking application fails to properly validate SSL certificates Original Release date: 30 Sep 2016 | Last revised: 06 Oct 2016   Overview U by BB&T for iOS, version 1.5.4 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.  Description CWE-295: Improper Certificate Validation - CVE-2016-6550U by BB&T is a banking application. On iOS...
---------------------------------------------
http://www.kb.cert.org/vuls/id/338624


*** Vuln: GraphicsMagick CVE-2016-7997 NULL Pointer Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93467


*** DSA-3689 php5 - security update ***
---------------------------------------------
Several vulnerabilities were found in PHP, a general-purpose scriptinglanguage commonly used for web application development.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3689


*** Toshiba FlashAir does not require authentication in "Internet pass-thru Mode" ***
---------------------------------------------
FlashAir provided by Toshiba Corporation does not require authentication on accepting a connection from STA side LAN when "Internet pass-thru Mode" is enabled.
---------------------------------------------
http://jvn.jp/en/jp/JVN39619137/


*** IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services: Clickjacking (CVE-2016-3060) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21992051


*** IBM Security Bulletin: HTTP Response Splitting in Liberty affects IBM MessageSight (CVE-2016-0359) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21991096


*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1024350


*** IBM Security Bulletin: A security vulnerability in IBM Java Runtime affects IBM Systems Director Storage Control ( CVE-2015-4872) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1024349